-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1)K Responsive to communication(s) filed on 29 August 2001.
2a)\Z\ This action is FINAL. 2b)^ This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) 13 Claim(s) 7-45 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) 1-45 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)D accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)n All b)n Some * c)\3 None of: 

1.□ Certified copies of the priority documents have been received.

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

1. Claims 1-45 have been examined.

Priority 

2. Acknowledgment is made of applicant's claim priority based on application
09/728558 filed on 12/1/2000.

Double Patenting 

3. Claims 1-28, 31-45 are rejected under the judicially created doctrine of obviousness-type
double patenting as being unpatentable over claims 1-16 and 18-22 of U.S.
Patent Application No. 09/728558. Although the conflicting claims are not identical, 
they either recite a concomitance of the claim features, or they are their obvious 
modifications. 

For example, compare claim 1 (09/728558) with claim 13 of the current application
(09/941326); or for even more clear example with claim 33 (the current application). 

Information Disclosure Statement 

4. The information disclosure statement filed 12/01/00 fails to comply with the 
provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because Caronni et al.'s "Virtual 
Enterprise Networks: The Next Generation of Secure Enterprise Networking," does 
not contain a publication date. It has been placed in the application file, but the 
information referred to therein has not been considered as to the merits. Applicant is 
advised that the date of any re-submission of any item of information contained in 
this information disclosure statement or the submission of any missing element(s) 
will be the date of submission for purposes of determining compliance with the
requirements based on the time of filing the statement, including all certification 
requirements for statements under 37 CFR § 1.97(e). See MPEP § 609 C(1).

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claims 5-7, 15-19, 24-25, 28-30, 34 and 39-41 are rejected under 35 U.S.C. 112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter that applicant regards as the invention. 

6. "The first transport port" in claim 7 lacks antecedent basis. 

7. The phrase "keyed to ... port/service-access-point/a packet transport protocol/(etc.)"
in claims 5 and 15-19 is not understood. It is not clear whether the limitation limits
the invention to program the logic using port/service-access-point/a packet transport
protocol/(etc.) on a particular node or whether it simply refers to restricting/allowing a
particular port/SAP/a packet transport protocol/(etc.) communication on a node
where the logic resides. The phrase is treated as best understood.

8. The phrase "pre-provisioning the interconnection system" in claim 24 is not 
understood. For purposes of further examination the phrase is treated as specifying 
that the interconnection system has some default setting. 
9. The term "a platform-provider" in claim 34 is not clear and for purposes of further
examination is treated as best understood. 

10. The phrase: "provisioning the interconnection system on demand" in claim 25 is not 
understood. The phrase is treated as equivalent to "providing the interconnection 
system when demanded". 

11. "Translating the instructions into packet-filtering logic executable by the packet-filtering
agent" in claim 27 is not understood. It is not clear what level of instructions
(e.g. application level, binary code or machine language) the limitation refers to. 

12. Claim 28 recites: "entity external to the interconnection system" is not understood. 
Determining whether the attempted inter-node communication is allowed or not 
allowed is a part of the system that interconnects devices. 

Claims 30 and 39 are similarly rejected. 

13. Also, claim 28 recites: "performs the element of determining", and the subsequent 
claim 29 recites: "in response to a determination". Clarification whether these two 
are the same determinations or unrelated determinations is required. 

14. Claims 6 and 40-41 are rejected by virtue of their dependence. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
(b) the invention was patented or described in a printed publication in this or a foreign country or in public
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

15. Claims 1, 13-15 and 37-38 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Pfleeger (Charles P. Pfleeger, "Security in Computing", ISBN 0133374866, 1996).

16. As per claims 1 and 13 Pfleeger teaches a screening router that can allow or
restrict inter-node communication based on network addresses and port numbers 
(Pfleeger sec. 9.5 pg. 426-428). 

17. The limitations of claims 37 and 38 are inherent. In inter-node communications 
there must be at least two computer-program applications and the applications 
comprise multiple components. Similarly applications that have a respective SAP 
must be loaded on both communicating parties in order to achieve inter-node
communication.

18. Claims 1-4, 8, 12-26, 31-32, 34, 36-39 and 42 are rejected under 35 U.S.C. 102(e)
as being anticipated by Wiegel (U.S. Patent No. 6484261). 

19. As per claims 1, 13, 37 and 38 Wiegel teaches a method for controlling a network
device that passes or rejects information messages, the method comprising the 
computer-implemented steps of defining a set of symbols that identify logical 
operations that can be carried out by the network device; defining an information 
communication policy for the network device by graphically interconnecting one or 
more of the symbols into a symbolic representation of the policy; and generating a 
set of instructions based on the symbolic representation of the policy, wherein the
set of instructions causes the network device to selectively pass or reject messages
according to the policy (Wiegel, col. 5 lines 12-23).

20. This reads on establishing access-control logic restricting inter-node communication
involving the at least one service component based on the identity of at least one of 
the service components, applying the access-control logic to block an inter-node 
communication involving the at least one service component. 

21. As per claims 2-4, 8, 12, 14-26, 31-32, 34, 36, 39, 42 Wiegel teaches that sites
determine how security policies are applied, how networks are organized, and how
network address translation works between two or more sites. How a network packet
travels across two sites determines which security policies are applied. This traversal
identifies the source and destination of the packet, thus identifying the point of origin
as one site. Security policies that are applied to a particular site are enforced against
all network packets that originate from that site (col. 13 lines 14-22, col. 7 lines 45-54).
Wiegel's invention utilizes applications, IP addresses, Port related to source
and destinations (col. 7 lines 45-54) and applies the controls to Internet
communication (col. 10 lines 44-67). The system comprises a firewall, a router and
a switch that enforce one or more network security policies and a policy translation
agent responsible for translating or converting policies as represented in knowledge
base into a form that can be understood by a firewall, a router or a switch (Fig. 2,
col. 11 lines 22-42).
22. Claims 5-7, 9-11, 27-30, 33, 35, 40-42 and 44-45 are rejected under 35 U.S.C.
103(a) as being unpatentable over Wiegel (U.S. Patent No. 6484261) in view of 
Official Notice. 

23. Wiegel teaches a method as discussed above. 

24. As per claims 5-7 Wiegel does not explicitly teach that the at least one service 
component resides at at least one service-access point in the computing 
environment, and wherein translating the rule into the access-control logic comprises 
mapping the rule into packet-filter logic keyed to the at least one service-access- 
point. 

Official Notice is taken that it is old and well-known practice that network 
communication may occur with any network nodes including a node that contains 
access-control logic. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention not to exclude any network node (including a node that contains access- 
control logic) from network communication. One of ordinary skill in the art at the time 
of applicant's invention would have been motivated to communicate with any 
network device including a device that contains access-control logic in order to 
configure or monitor operation of the device and as apply communication restriction 
involving the node with containing access-control logic. 

The implementation of the communication restriction at the node with access-control 
logic would implicitly read on the limitation of the at least one service component 
residing at at least one service-access-point in the computing environment, wherein 
translating the rule into the access-control logic comprises mapping the rule into
packet-filter logic keyed to the at least one service-access-point. 

25. As per claims 28-30 and 39 Wiegel does not explicitly teach that instructing the 
interconnection system to block the communication is done by the external entity. 
Official Notice is taken that it is old and well-known in the art to practice to restrict 
specialized function within devices (such as firewall) and assign tasks such as 
determination that the attempted inter-node communication (ACL functionality) is not 
allowed from a device performing the actual blocking. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to restrict specialized function within devices (such as firewall) and assign 
tasks such as determination that the attempted inter-node communication (ACL 
functionality) is not allowed from a device performing the actual blocking. One of 
ordinary skill in the art at the time of applicant's invention would have been 
motivated to use two different (external to each other) entities to perform these two 
different tasks in order to have a quicker response and an easier/better understood 
performance of the tasks. 

26. As per claims 40-41 Wiegel teaches that security policies are applied to each
incoming session (Wiegel, col. 10 lines 1-15) and policy control panel (Fig. 3).

27. As per claim 9 Wiegel does not explicitly teach that at least two processing nodes of 
the plurality of interconnected processing nodes run different operating system. 
Official Notice is taken that it is old and well-known practice to interconnect 
processing nodes running different operating systems. 



Application/Control Number: 09/941,326 Page 9

Art Unit: 2134 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to interconnect processing nodes running different operating systems. 
One of ordinary skill in the art at the time of applicant's invention would have been 
motivated to utilize Wiegel's invention in the environment where interconnected 
processing nodes run different operating systems in for benefit of interoperability. 

28. Claims 10 and 44-45 are substantially equivalent to claim 9; therefore claims 10 and 
44-45 are similarly rejected. 

29. As per claims 11, 33 and 42 Wiegel does not explicitly teach that the computing
environment is a cluster-based computing environment. 

Official Notice is taken that utilizing a cluster-based computing environment is old 
and well-known practice. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to utilize Wiegel's invention in a cluster-based computing environment. 
One of ordinary skill in the art at the time of applicant's invention would have been 
motivated to employ a cluster-based computing environment to take advantage of 
communication accessibility. 

30. As per claim 35 Wiegel does not teach an attempted inter-node communication 
comprising an attempted inter-node between antagonistic service components and 
application providers competing for business. Official notice is taken that it is old 
and well-known in the art that the Internet includes nodes with antagonistic service 
components hosted by many competing application providers. Thus it is unrealistic 
to keep out all of the nodes with antagonistic services out of the Internet connection. 
Therefore it would have been obvious that antagonistic serviced components will
compete. 

31. As per claim 27 Wiegel teaches that the switch utilizes a policy translation agent to
translate or converting policies as represented in knowledge base into a form that 
can be understood by the switch. Wiegel does not explicitly teach the switch 
translating the instructions by itself. 

Official Notice is taken that it is old and well-known practice to implement instruction 
translation on a device that implements the instruction. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement instruction translation on a device that implements the 
instruction. One of ordinary skill in the art at the time of applicant's invention would 
have been motivated to employ translating the instruction on the executing device in 
order to speed up the execution process. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: Martin et al. (U.S. Patent No. 6765927).

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is 
(571) 272-3840. The examiner can normally be reached Monday through Thursday
from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gregory Morse can be reached on (571) 272-3838. The fax phone
number for the organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 






